public void buildGui(O2MappedAstData astData)
{
AstData = astData;
INodeTypeFilter = "";
INodeValueFilter = "";
buildGui();
loadDataInGui();
}
public O2_DotNet_Ast_Engine()
{
this.width(500);
this.height(400);
AstData = new O2MappedAstData();
ReferencedAssemblies = new Dictionary <string, Assembly>();
//CreatedO2Findings = new List<IO2Finding>();
//MethodStreams = new Dictionary<IMethod, string>();
}
public static List <string> createO2MethodStreamFiles(this O2MappedAstData o2MappedAstData, List <string> sourceFiles, string targetFolder)
{
var createdFiles = new List <String>();
foreach (var file in sourceFiles)
{
createdFiles.AddRange(o2MappedAstData.createO2MethodStreamFiles(file, targetFolder));
}
return(createdFiles);
}
public static List <string> createO2MethodStreamFiles(this O2MappedAstData o2MappedAstData, List <IMethod> iMethods, string targetFolder)
{
var files = new List <string>();
foreach (var iMethod in iMethods)
{
files.add(o2MappedAstData.createO2MethodStreamFile(iMethod, targetFolder));
}
return(files);
}
public static List <string> createO2MethodStreams_UseCache_ReturnFile(this O2MappedAstData o2MappedAstData, List <IMethod> iMethods, FileCache fileCache, string cacheExtension)
{
var methodStreams = new List <string>();
foreach (var iMethod in iMethods)
{
methodStreams.Add(o2MappedAstData.createO2MethodStream_UseCache_ReturnFile(iMethod, fileCache, cacheExtension));
}
return(methodStreams);
}
public void resetLoadedData()
{
if (AstData.notNull())
{
AstData.Dispose();
}
AstData = new O2MappedAstData();
ReferencedAssemblies.Clear(); // = new Dictionary<string, Assembly>();
}
public void launchGui()
{
var astData = new O2MappedAstData();
astData.loadFiles(@"C:\O2\DemoData\HacmeBank_v2.0 (Dinis version - 7 Dec 08)\HacmeBank_v2_WS\classes".files());
var control = O2Gui.open <Panel>("test ascx_WriteRule", 700, 500);
var writeRule = control.add_Control <ascx_WriteRule>();
writeRule.buildGui(astData);
}
public void launchGui()
{
var astData = new O2MappedAstData();
//astData.loadFile("HacmeBank_v2_Website.ascx.PostMessageForm.btnPostMessage_Click.cs".local());
var control = O2Gui.open <Panel>("AST Search (.NET Static Analysis)", 1000, 600);
var searchAST = control.add_Control <ascx_SearchAST>();
searchAST.buildGui(astData);
}
public void launchGui()
{
var astData = new O2MappedAstData();
astData.loadFile("HacmeBank_v2_Website.ascx.PostMessageForm.btnPostMessage_Click.cs".local());
var control = O2Gui.open <Panel>("test ascx_ViewAST", 1000, 600);
var viewAST = control.add_Control <ascx_ViewAST>();
viewAST.buildGui(astData);
}
public ascx_Interactive_MethodCalls setData(O2MappedAstData astData,
Dictionary <string, List <String> > methodsCalledMappings,
Dictionary <string, List <String> > methodIsCalledByMappings,
List <string> allMethods)
{
AstData = astData;
MethodsCalledMappings = methodsCalledMappings;
MethodIsCalledByMappings = methodIsCalledByMappings;
AllMethods = allMethods;
return(this);
}
public Saved_MethodStream(O2MappedAstData astData, IMethod iMethod, bool createCodeStreams) : this()
{
this.RootMethod = this.methodStreamItem(astData, iMethod);
this.createMethodStream(astData, iMethod);
this.map_MethodStreamItems(astData);
if (createCodeStreams)
{
this.createCodeStreams();
}
}
public static string parentClassSignature(this O2MappedAstData astData, INode iNode)
{
var typeDeclaration = iNode.parent <TypeDeclaration>();
if (typeDeclaration.notNull())
{
var iClass = astData.iClass(typeDeclaration);
if (iClass.notNull())
{
return(iClass.DotNetName);
}
}
return("");
}
public static T view_AstNodes_SourceCode_Locations <T>(this O2MappedAstData astData, List <AbstractNode> astNodes, T control)
where T : Control
{
var codeViewer = control.add_SourceCodeViewer();
var treeView = codeViewer.insert_Left <Panel>(400).add_TreeView().sort();
astData.afterSelect_ShowInSourceCodeEditor(treeView, codeViewer.editor());
foreach (var astNode in astNodes)
{
treeView.add_Node("{0} - {1}".format(astData.getTextForINode(astNode), astNode), astNode);
}
treeView.selectFirst();
return(control);
}
public static O2MethodStream createO2MethodStream(this O2MappedAstData o2MappedAstData, IMethod iMethod, bool mapInterfacesCalls)
{
var o2MethodStream = new O2MethodStream(o2MappedAstData);
o2MethodStream.add_IMethod(iMethod);
if (mapInterfacesCalls)
{
o2MethodStream.resolveInterfaceCalls();
}
//add to O2MethodStreamCache
O2MethodStreamCache.add(iMethod, o2MethodStream);
return(o2MethodStream);
}
public static string createO2MethodStreamFile(this O2MappedAstData o2MappedAstData, IMethod iMethod, string targetFolder)
{
var targetFile = targetFolder.pathCombine(iMethod.DotNetName + ".cs");
if (targetFile.fileExists())
{
"in O2MappedAstData.createO2MethodStreamFile, target method stream already exists: {0}".debug(iMethod.DotNetName);
}
else
{
o2MappedAstData.createO2MethodStream(iMethod).csharpFile(targetFile);
}
return(targetFile);
}
public Location(O2MappedAstData astData, IMethod iMethod)
{
File = astData.file(iMethod);
var methodDeclaration = astData.methodDeclaration(iMethod);
if (methodDeclaration.notNull())
{
Line = methodDeclaration.StartLocation.Line;
Column = methodDeclaration.StartLocation.Column;
Line_End = methodDeclaration.EndLocation.Line;
Column_End = methodDeclaration.EndLocation.Column;
}
}
public void createMethodStream(IMethod iMethod)
{
MethodStream = AstEngine.AstData.createO2MethodStream(iMethod);
MethodStreamFile = MethodStream.csharpCode().saveWithExtension(".cs");
CodeViewer.open(MethodStreamFile);
CodeStreamCodeViewer.open(MethodStreamFile);
if (AstData_MethodStream.notNull())
{
AstData_MethodStream.Dispose();
}
AstData_MethodStream = new O2MappedAstData();
AstData_MethodStream.loadFile(MethodStreamFile);
}
public Step_MethodStreams(O2_DotNet_Ast_Engine astEngine)
{
AstEngine = astEngine;
MethodsFilter = "";
AstData_MethodStream = new O2MappedAstData();
//CodeStream = new O2CodeStream();
buildGui();
loadDataInGui();
TaintRules = new O2CodeStreamTaintRules();
TaintRules.add_TaintPropagator("System.String.Concat");
//taintRules.add_TaintPropagator("System.String");
}
public static string parentMethodSignature(this O2MappedAstData astData, INode iNode)
{
var methodDeclaration = iNode.parent <MethodDeclaration>();
if (methodDeclaration.notNull())
{
var iMethod = astData.iMethod(methodDeclaration);
if (iMethod.notNull())
{
return(iMethod.fullName());
}
}
return("");
}
public static string add_Properties(this O2MappedAstData astData, string targetFolder)
{
//return methodMappingsIndexedBySignature;
//handle Properties
var propertyMappings = new Dictionary <string, List <KeyValuePair <INode, IMethodOrProperty> > >();
// show.info(methodMappingsIndexedBySignature);
var fileName = "_MethodMapings_For_Properties";
//var md5Hash = fullName.safeFileName().md5Hash();
var savedPropertiesMappingsFile = targetFolder.pathCombine(fileName) + ".xml";
if (savedPropertiesMappingsFile.fileExists())
{
return(savedPropertiesMappingsFile);
}
var propertyRefs = new List <INode>();
foreach (var propertyDeclaration in astData.MapAstToNRefactory.IPropertyToPropertyDeclaration.Values)
{
"Mapping property: {0}".info(propertyDeclaration.Name);
propertyRefs.add(propertyDeclaration.iNodes <INode, MemberReferenceExpression>());
propertyRefs.add(propertyDeclaration.iNodes <INode, InvocationExpression>());
propertyRefs.add(propertyDeclaration.iNodes <INode, ObjectCreateExpression>());
}
// show.info(propertyRefs);
try
{
foreach (Expression propertyRef in propertyRefs)
{
var methodOrProperty = astData.fromExpressionGetIMethodOrProperty(propertyRef);
var nodeText = astData.getTextForINode(propertyRef); // propertyRef.str();
propertyMappings.add(nodeText, new KeyValuePair <INode, IMethodOrProperty>(propertyRef, methodOrProperty));
}
}
catch (Exception ex)
{
ex.log("in add_Property");
}
var tempFile = astData.saveMappings(propertyMappings);
if (tempFile.fileExists())
{
Files.MoveFile(tempFile, savedPropertiesMappingsFile);
}
return(savedPropertiesMappingsFile);
/// PROPERTIES
}
public static TreeView getTreeViewToShowMethodsMappings(this O2MappedAstData astData, Control control, ascx_SourceCodeViewer sourceCodeViewer)
{
// create GUI
control.clear();
var treeView = control.add_TreeView()
.showSelection()
.sort();
astData.afterSelect_ShowInSourceCodeEditor(treeView, sourceCodeViewer.editor());
treeView.afterSelect <IMethod>(
(iMethod) =>
{
var methodDeclaration = astData.MapAstToNRefactory.IMethodToMethodDeclaration[iMethod];
sourceCodeViewer.set_Text(methodDeclaration.csharpCode());
});
return(treeView);
}
public static O2MappedAstData get(string file)
{
if (CacheEnabled && Cached_O2MappedAstData.hasKey(file))
{
// "[Ast_Engine_Cache] using O2MappedAstData cached version of file: {0}".debug(file);
return(Cached_O2MappedAstData[file]);
}
// "[Ast_Engine_Cache] creating O2MappedAstData for file: {0}".debug(file);
var astData = new O2MappedAstData();
astData.loadFile(file);
if (CacheEnabled)
{
Cached_O2MappedAstData.add(file, astData);
}
return(astData);
}
public static string createO2MethodStream_UseCache_ReturnFile(this O2MappedAstData o2MappedAstData, IMethod iMethod, FileCache fileCache, string cacheExtension)
{
if (iMethod.isNull())
{
return(null);
}
var csharpCodeFile = fileCache.cacheGet_File(iMethod.fullName(), cacheExtension);
if (csharpCodeFile.valid().isFalse())
{
"Creating MethodStream for iMethod: {0}".debug(iMethod.DotNetName);
var methodStream = o2MappedAstData.createO2MethodStream(iMethod);
var cSharpCode = methodStream.csharpCode();
csharpCodeFile = cSharpCode.saveWithExtension(cacheExtension);
return(fileCache.cachePut(iMethod.fullName(), ".cs", cSharpCode));
}
return(csharpCodeFile);
}
public static Dictionary <IMethod, string> showMethodStreams(this O2MappedAstData astData, List <IMethod> iMethods, TreeView treeView, ProgressBar progressBar)
{
treeView.Tag = iMethods;
progressBar.maximum(iMethods.size());
progressBar.value(0);
var methodStreams = new Dictionary <IMethod, string>();
foreach (var iMethod in iMethods)
{
var methodStreamCSharpCode = astData.createO2MethodStream(iMethod).csharpCode();
methodStreams.Add(iMethod, methodStreamCSharpCode);
var nodeText = "{0} ({1} chars)".format(iMethod.name(), methodStreamCSharpCode.size());
treeView.add_Node(nodeText, methodStreamCSharpCode);
progressBar.increment(1);
}
treeView.selectFirst();
return(methodStreams);
}
public static MethodDeclaration getMethodDeclaration(this O2MappedAstData o2MappedAstData, IMethod iMethodToMap)
{
if (o2MappedAstData.MapAstToNRefactory.IMethodToMethodDeclaration.hasKey(iMethodToMap))
{
return(o2MappedAstData.MapAstToNRefactory.IMethodToMethodDeclaration[iMethodToMap]);
}
//foreach(var iMethod in o2MappedAstData.iMethods())
// if (o2MappedAstData.MapAstToNRefactory.IMethodToMethodDeclaration.hasKey(iMethod).isFalse())
// " key not found".error();
foreach (var iMethod in o2MappedAstData.MapAstToNRefactory.IMethodToMethodDeclaration.Keys)
{
if ((iMethod as DefaultMethod).DocumentationTag == (iMethodToMap as DefaultMethod).DocumentationTag)
{
"DocumentationTag: {0}".format((iMethod as DefaultMethod).DocumentationTag).debug();
return(o2MappedAstData.MapAstToNRefactory.IMethodToMethodDeclaration[iMethod]);
}
}
return(null);
}
public static int getINodePosition(this O2MappedAstData astData, MethodMapping methodMapping)
{
var position = -1;
var methodSignature = methodMapping.ParentMethod;
var iMethod = astData.iMethod_withSignature(methodSignature);
var methodDeclaration = astData.methodDeclaration(iMethod);
var iNodes = methodDeclaration.iNodes();
if (iNodes.isNull())
{
return(position);
}
var iNodeAtLocation = astData.iNode(methodMapping.File, methodMapping.Start_Line, methodMapping.Start_Column);
for (int i = 0; i < iNodes.size(); i++)
{
if (iNodes[i] == iNodeAtLocation)
{
position = i;
break;
}
}
if (position.eq(-1))
{
return(position);
}
//Hack to try to find the exact INode we had before
if (position.typeName() != methodMapping.INodeType)
{
if (position > 0 && iNodes[position - 1].typeName() == methodMapping.INodeType)
{
position--;
}
else
if (position < (iNodes.size() - 1) && iNodes[position + 1].typeName() == methodMapping.INodeType)
{
position++;
}
}
return(position);
}
public static List <IO2Finding> calculate_Url_to_EntryMethod_Mappings(string pathWithSourceFiles, string urlBase, string port, ProgressBar progressBar)
{
var o2Findings = new List <IO2Finding>();
var filesToAnalyze = pathWithSourceFiles.files("*.cs", true);
progressBar.maximum(filesToAnalyze.size());
foreach (var file in filesToAnalyze)
{
"Processing file:{0}".info(file);
var url = urlBase.format(port, file.replace(pathWithSourceFiles, "").replace(".ascx.cs", ""));
foreach (var type in file.csharpAst().types(true))
{
foreach (var baseType in type.BaseTypes)
{
if (baseType.str() == "System.Web.UI.UserControl")
{
var astData = new O2MappedAstData();
astData.loadFile(file);
foreach (var iMethod in astData.iMethods())
{
var o2Finding = new O2Finding();
o2Finding.vulnName = url;
o2Finding.vulnType = "Web EntryPoint";
var source = new O2Trace(url);
var sink = new O2Trace(iMethod.fullName());
source.traceType = TraceType.Source;
sink.traceType = TraceType.Known_Sink;
source.childTraces.Add(sink);
o2Finding.o2Traces.Add(source);
o2Findings.Add(o2Finding);
}
}
}
}
progressBar.increment(1);
}
return(o2Findings);
}
public string createMethodMappings()
{
if (ShowLogViewer)
{
showLogViewer();
}
"Loading Ast source files from folder: {0}".info(SourceFolder);
O2MappedAstData astData = SourceFolder.getAstData(References, UseCachedData);
"There are {0} AST files loaded".debug(astData.files().size());
"Calculating MethodsMappings".info();
var methodMapingsIndexedBySignature = astData.externalMethodsAndProperties(MethodFilter, ResultsFolder, NumberOfItemsToProcess)
.indexedBy_ResolvedSignature();
//var methodMapingsIndexedBySignature = new Dictionary<string,List<KeyValuePair<INode,IMethodOrProperty>>>();
// if (addProperties)
astData.add_Properties(ResultsFolder);
var savedFile = astData.saveMappings(methodMapingsIndexedBySignature);
"MethodMappings saved to: {0} : {1}".info(savedFile, ((Int32)savedFile.fileInfo().size()).kBytesStr());
//PublicDI.log.showMessageBox("Click Ok to continue");
"AstData loaded".info();
if (LogViewer.notNull())
{
LogViewer.parentForm().close();
}
return(savedFile);
//show.info(astData);
//"Hello there".info();
//show.info(astData);
//return "done";
}
public ascx_WriteRule(O2MappedAstData astData) //O2_DotNet_Ast_Engine astEngine)
{
buildGui(astData);
}
public void build_CreateAllMethodStreamsTab(Control hostControl)
{
var allMethodStreamsPanel = hostControl.add_1x1("Options", "All Method Streams", false, 50);
var sourceCode = allMethodStreamsPanel[1].add_SourceCodeViewer(); //add_MethodStreamViewer();
var treeView = sourceCode.insert_Left <TreeView>(300)
.showSelection()
.sort()
.afterSelect <string>(
(filePath) => sourceCode.open(filePath));
var targerFolder = PublicDI.config.getTempFolderInTempDirectory("_AllMethodStreams");
allMethodStreamsPanel[0].parent <SplitContainer>().borderNone();
var optionsPanel = allMethodStreamsPanel[0].parent().clear();
var progressBar = optionsPanel.add_ProgressBar(25, 0).align_Right(optionsPanel);
optionsPanel.add_LabelAndTextAndButton("Target Directory", targerFolder, "Create",
(text) => {
AstData.createAllMethodsStreams(text, progressBar, null);
foreach (var file in targerFolder.files())
{
treeView.add_Node(file.fileName(), file);
}
treeView.selectFirst();
});
progressBar.onDrop(
(fileOrFolder) => {
if (fileOrFolder.fileExists())
{
AstData.loadFile(fileOrFolder);
}
else
{
AstData.dispose();
AstData = new O2MappedAstData();
AstData.loadFiles(fileOrFolder.files("*.cs", true));
}
});
//tabPages.Add(tabControl.add_Tab("Step 2: Create Code Streams"));
//tabPages.Add(tabControl.add_Tab("Step 1: Create Final Findings"));
//Create all Method Streams
//var controls = tabPages;
//var MethodStreamPanel = controls[0].add_1x1("Current ","MethodStreams", false);
/*
* var CodeStreamPanel = controls[1].add_1x1("Create CodeStreams", "CodeStreams", false);
* var FindingsPanel = controls[2].add_1x1("Create Findings", "Final Findings",false);
*
* // MethodStreamPanel
* MethodStreamScript = MethodStreamPanel[0].add_Script(false);
* MethodStreamViewer = MethodStreamPanel[1].add_MethodStreamViewer();
*
* //CodeStreamPanel
* CodeStreamScript = CodeStreamPanel[0].add_Script(false);
* var CodeStreamScriptResult = CodeStreamPanel[1].add_1x1("Code Streams", "Raw Findings", true, CodeStreamScript.width()/2);
*
* CodeStreamViewer = CodeStreamScriptResult[0].add_CodeStreamViewer();
* RawFindingsViewer = CodeStreamScriptResult[1].add_FindingsViewer();
*
*
* //RawFindingsViewer = FindingsPanel[1].add_FindingsViewer();
* //CodeStreamViewer = MethodStreamPanel[1].add_CodeStreamViewer();
*
*
* // FindingsPanel
* FindingsScript = FindingsPanel[0].add_Script(false);
* FinalFindingsViewer = FindingsPanel[1].add_FindingsViewer();
*
* //var controls2 = host[1].add_1x1x1(true);
*
* // extra vars
*
* // script parameters
* var scriptParameters = new Dictionary<string,object>();
* scriptParameters.Add("methodStreamViewer", MethodStreamViewer);
* scriptParameters.Add("codeStreamViewer", CodeStreamViewer);
*
* scriptParameters.Add("rawFindingsViewer", RawFindingsViewer);
* scriptParameters.Add("finalFindingsViewer", FinalFindingsViewer);
*
* scriptParameters.Add("astData", AstData);
*
* MethodStreamScript.InvocationParameters.AddRange(scriptParameters);
* CodeStreamScript.InvocationParameters.AddRange(scriptParameters);
* FindingsScript.InvocationParameters.AddRange(scriptParameters);
*
*/
}
